diff -up CherryPy-2.2.1/cherrypy/filters/sessionfilter.py.sessionfix CherryPy-2.2.1/cherrypy/filters/sessionfilter.py
--- CherryPy-2.2.1/cherrypy/filters/sessionfilter.py.sessionfix 2008-01-06 08:54:39.000000000 -0800
+++ CherryPy-2.2.1/cherrypy/filters/sessionfilter.py 2008-01-06 08:55:31.000000000 -0800
@@ -326,6 +326,8 @@ class FileStorage:
             raise SessionStoragePathNotConfiguredError()
         fileName = self.SESSION_PREFIX + id
         file_path = os.path.join(storage_path, fileName)
+        if not os.path.normpath(filePath).startswith(storagePath):
+            raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
         return file_path
 
     def _lock_file(self, path):
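Review bot: The added guard references `filePath` and `storagePath`, but the names bound in the surrounding lines are `file_path` and `storage_path`, so the check raises `NameError` on every call instead of ever rejecting a bad session id — the traversal fix is never actually applied. The comparison is also too loose once the names are corrected: `startswith(storage_path)` still accepts a normalized path that lands in a sibling directory sharing the same prefix (a storage path of `/tmp/sess` matches `/tmp/sess2/…`), and it assumes `storage_path` is itself already normalized. Compare against the directory with a trailing separator and normalize both sides, e.g. `if not os.path.normpath(file_path).startswith(os.path.join(os.path.normpath(storage_path), "")):` followed by the existing `raise cherrypy.HTTPError(400, "Invalid session id in cookie.")`. The enclosing method starts before this hunk, so the origin of `storage_path` and `id` is not visible here.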